This check checks if the CSR's name contains a field with no value. For example, the CSR Decoder would issue a warning about the name given below because the locality field is present, but has no value.
CN=www.acme.com, O=acme, L=, C=gb
The reason for this warning is that some CAs may reject CSRs that contain fields with empty values.
Checks for weak RSA keys generated by Debian-based
systems.
In May 2008, the Debian team announced that Luciano Bello
had discovered a vulnerabilty in the
Debian OpenSSL package. The impact was that all SSL and SSH
keys generated on Debian-based systems (including Ubuntu)
released between September 2006 and May 13th 2008 may be affected.
The Debian Security Team disclosed
this vulnerability in
Debian Security Advisory 1571.
The best resource on this vulnerability is the
Debian Wiki.
We have also written about this in our
CSR FAQ.
NIST recommends a minimum RSA key size of 2048-bits
after 31 December 2010.
For a number of years now many prominent voices in the security
community have suggested a move away from 1024-bit RSA key lengths by the end of 2010. In Special Publication 800-57 NIST recommends that 1024-bit RSA keys only be used to protect data until 2010. In 2003, RSA Labs published a document that recommended 1024-bit RSA keys should not be used to protect data with a lifetime beyond 2010.This check warns you if the RSA key size is less than 2048 bits
This SSL Checker will test your SSL certificate and help identify
any problems with it.
SSL Certificate Summary
Subject
| RDN |
Value |
| Common Name (CN) |
esk.sbrf.ru |
| Organizational Unit (OU) |
OSDO |
| Organization (O) |
Sberbank of Russia |
| Locality (L) |
Moscow |
| State (ST) |
Moscow |
| Country (C) |
RU |
Properties
| Property |
Value |
| Issuer Company |
Thawte, Inc. |
| Issuer Full Name |
CN = Thawte SGC CA - G2,O = "Thawte, Inc.",C = US |
| Subject |
CN = esk.sbrf.ru,OU = OSDO,O = Sberbank of Russia,L = Moscow,ST = Moscow,C = RU |
| Valid From |
June 7, 2011, midnight |
| Valid To |
July 6, 2013, 11:59 p.m. |
| Serial Number |
4E:65:7E:ED:97:99:36:FF:FF:93:8A:22:10:71:02:EC (104206780061537493531650130432803013356) |
| CA Cert |
No |
| Key Size |
2048 bits |
| Fingerprint (SHA-1) |
44:28:91:EB:FB:1E:3B:FE:E7:6B:A9:22:51:39:9A:CE:14:4F:BF:E8 |
| Fingerprint (MD5) |
33:59:5B:4A:CB:10:51:B3:8D:55:6D:0C:BF:7D:B0:64 |
| SANS |
|
Detailed Information
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4e:65:7e:ed:97:99:36:ff:ff:93:8a:22:10:71:02:ec
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Thawte, Inc., CN=Thawte SGC CA - G2
Validity
Not Before: Jun 7 00:00:00 2011 GMT
Not After : Jul 6 23:59:59 2013 GMT
Subject: C=RU, ST=Moscow, L=Moscow, O=Sberbank of Russia, OU=OSDO, CN=esk.sbrf.ru
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:a6:d6:8d:3c:b1:62:32:23:d6:6f:96:06:d5:de:
6b:33:34:e4:b7:59:ec:d8:fd:02:0c:cf:16:97:a3:
2c:be:fd:75:b7:fb:2b:15:02:ff:39:8b:35:e2:2a:
b3:5e:74:c9:7f:6a:22:7f:d4:4f:df:4e:d2:c9:fc:
1d:13:19:0d:b4:16:9c:4f:e6:f7:6b:38:74:67:a6:
ba:94:8e:28:10:0d:7c:2f:79:59:91:e7:c2:b4:81:
6c:12:c1:0f:ad:1b:24:bb:75:77:81:cb:9a:7f:79:
fc:28:f8:bc:e8:04:ad:04:25:3b:d7:15:f0:89:49:
07:eb:82:ef:8b:0b:5d:be:56:d7:84:e8:c9:e5:6f:
e8:c8:39:37:07:41:00:a7:dc:82:39:98:60:81:e3:
54:a3:3f:05:f4:59:d6:fd:07:7d:98:77:31:71:3d:
32:4c:39:4c:5a:29:5f:9f:ac:bc:42:d5:43:a7:2f:
0d:d6:da:08:b5:b1:f6:40:dd:b1:b9:8e:c5:35:25:
02:9b:96:07:7f:63:4c:5d:d2:b8:18:c4:52:64:0f:
91:d9:e5:c3:d0:ab:84:2b:f0:f5:10:a5:62:0c:88:
bb:f1:80:bb:a4:10:37:ca:c2:dd:24:c6:ed:ab:e2:
7e:c2:17:ae:2c:82:6c:b8:eb:16:e2:af:df:36:9b:
c5:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 CRL Distribution Points:
URI:http://svr-sgc-crl.thawte.com/ThawteSGCG2.crl
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, Netscape Server Gated Crypto
Authority Information Access:
OCSP - URI:http://ocsp.thawte.com
CA Issuers - URI:http://svr-sgc-aia.thawte.com/ThawteSGCG2.cer
Signature Algorithm: sha1WithRSAEncryption
c6:b8:92:73:54:43:57:fe:78:bf:5a:6d:2b:39:18:c4:24:12:
a4:36:8c:3b:1a:ea:84:3b:7c:c4:92:0b:e9:d9:0c:d0:d9:e6:
fe:51:86:12:0d:ce:08:06:76:de:2a:12:46:32:6a:f9:5d:dc:
3c:c7:0b:31:43:5d:5c:a7:47:07:19:fe:23:31:1c:79:8b:bd:
3c:22:c4:3f:a4:c2:39:10:95:c2:36:da:81:77:0d:e4:e0:68:
09:35:65:83:34:03:05:c3:c5:31:6f:c5:6d:d1:96:e0:50:aa:
4d:74:0f:d8:ec:7a:52:59:09:8c:73:d9:a9:39:18:70:5d:fa:
13:03:1a:99:4f:4d:f1:71:8e:27:f6:99:f1:e1:3e:ba:65:14:
b1:12:72:09:82:45:83:7f:60:7e:22:e3:95:d1:0c:02:6d:bf:
15:13:55:3a:ff:98:af:16:57:5f:d0:2e:9f:74:46:d4:d7:d5:
2d:bf:3b:cf:a4:13:45:d0:ab:20:fe:55:65:69:02:18:ad:77:
27:42:4f:2b:c1:d9:c3:76:ae:fa:4d:6c:72:bc:04:0c:5c:68:
f5:6c:77:6f:d3:be:df:2a:51:33:18:2a:03:57:6b:11:ce:73:
b8:f4:b5:43:ba:ea:f0:f3:7b:84:c2:8c:08:06:b4:52:25:5a:
09:67:1e:99
Certificates Received
Certificate - esk.sbrf.ru
| Property |
Value |
| Issuer Company |
Thawte, Inc. |
| Issuer Full Name |
CN = Thawte SGC CA - G2,O = "Thawte, Inc.",C = US |
| Subject |
CN = esk.sbrf.ru,OU = OSDO,O = Sberbank of Russia,L = Moscow,ST = Moscow,C = RU |
| Valid From |
June 7, 2011, midnight |
| Valid To |
July 6, 2013, 11:59 p.m. |
| Serial Number |
4E:65:7E:ED:97:99:36:FF:FF:93:8A:22:10:71:02:EC (104206780061537493531650130432803013356) |
| CA Cert |
No |
| Key Size |
2048 bits |
| Fingerprint (SHA-1) |
44:28:91:EB:FB:1E:3B:FE:E7:6B:A9:22:51:39:9A:CE:14:4F:BF:E8 |
| Fingerprint (MD5) |
33:59:5B:4A:CB:10:51:B3:8D:55:6D:0C:BF:7D:B0:64 |
| PEM |
-----BEGIN CERTIFICATE-----
MIIEJzCCAw+gAwIBAgIQTmV+7ZeZNv//k4oiEHEC7DANBgkqhkiG9w0BAQUFADBB
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVGhhd3RlLCBJbmMuMRswGQYDVQQDExJU
aGF3dGUgU0dDIENBIC0gRzIwHhcNMTEwNjA3MDAwMDAwWhcNMTMwNzA2MjM1OTU5
WjBxMQswCQYDVQQGEwJSVTEPMA0GA1UECBMGTW9zY293MQ8wDQYDVQQHFAZNb3Nj
b3cxGzAZBgNVBAoUElNiZXJiYW5rIG9mIFJ1c3NpYTENMAsGA1UECxQET1NETzEU
MBIGA1UEAxQLZXNrLnNicmYucnUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCm1o08sWIyI9ZvlgbV3mszNOS3WezY/QIMzxaXoyy+/XW3+ysVAv85izXi
KrNedMl/aiJ/1E/fTtLJ/B0TGQ20FpxP5vdrOHRnprqUjigQDXwveVmR58K0gWwS
wQ+tGyS7dXeBy5p/efwo+LzoBK0EJTvXFfCJSQfrgu+LC12+VteE6Mnlb+jIOTcH
QQCn3II5mGCB41SjPwX0Wdb9B32YdzFxPTJMOUxaKV+frLxC1UOnLw3W2gi1sfZA
3bG5jsU1JQKblgd/Y0xd0rgYxFJkD5HZ5cPQq4Qr8PUQpWIMiLvxgLukEDfKwt0k
xu2r4n7CF64sgmy46xbir982m8UFAgMBAAGjgeowgecwDAYDVR0TAQH/BAIwADA+
BgNVHR8ENzA1MDOgMaAvhi1odHRwOi8vc3ZyLXNnYy1jcmwudGhhd3RlLmNvbS9U
aGF3dGVTR0NHMi5jcmwwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUFBwMCBglg
hkgBhvhCBAEwbQYIKwYBBQUHAQEEYTBfMCIGCCsGAQUFBzABhhZodHRwOi8vb2Nz
cC50aGF3dGUuY29tMDkGCCsGAQUFBzAChi1odHRwOi8vc3ZyLXNnYy1haWEudGhh
d3RlLmNvbS9UaGF3dGVTR0NHMi5jZXIwDQYJKoZIhvcNAQEFBQADggEBAMa4knNU
Q1f+eL9abSs5GMQkEqQ2jDsa6oQ7fMSSC+nZDNDZ5v5RhhINzggGdt4qEkYyavld
3DzHCzFDXVynRwcZ/iMxHHmLvTwixD+kwjkQlcI22oF3DeTgaAk1ZYM0AwXDxTFv
xW3RluBQqk10D9jselJZCYxz2ak5GHBd+hMDGplPTfFxjif2mfHhPrplFLEScgmC
RYN/YH4i45XRDAJtvxUTVTr/mK8WV1/QLp90RtTX1S2/O8+kE0XQqyD+VWVpAhit
dydCTyvB2cN2rvpNbHK8BAxcaPVsd2/Tvt8qUTMYKgNXaxHOc7j0tUO66vDze4TC
jAgGtFIlWglnHpk=
-----END CERTIFICATE-----
|
Certificate - Thawte SGC CA - G2
| Property |
Value |
| Issuer Company |
VeriSign, Inc. |
| Issuer Full Name |
CN = VeriSign Class 3 Public Primary Certification Authority - G5,OU = "(c) 2006 VeriSign, Inc. - For authorized use only",OU = VeriSign Trust Network,O = "VeriSign, Inc.",C = US |
| Subject |
CN = Thawte SGC CA - G2,O = Thawte\, Inc.,C = US |
| Valid From |
July 29, 2010, midnight |
| Valid To |
July 28, 2020, 11:59 p.m. |
| Serial Number |
18:A2:23:6C:D7:27:C7:52:8D:F6:7B:4B:85:6E:FF:ED (32743342497485668866873372693735866349) |
| CA Cert |
Yes |
| Key Size |
2048 bits |
| Fingerprint (SHA-1) |
BE:BC:70:D3:DF:2B:3F:8F:55:AE:D9:83:BF:20:F2:E3:B2:1A:36:F6 |
| Fingerprint (MD5) |
E0:08:48:A4:3C:BA:3E:49:0F:79:70:6E:B3:54:8C:AC |
| PEM |
-----BEGIN CERTIFICATE-----
MIIEyzCCA7OgAwIBAgIQGKIjbNcnx1KN9ntLhW7/7TANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTAwNzI5MDAwMDAwWhcNMjAwNzI4MjM1OTU5WjBBMQsw
CQYDVQQGEwJVUzEVMBMGA1UEChMMVGhhd3RlLCBJbmMuMRswGQYDVQQDExJUaGF3
dGUgU0dDIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN
2elcVUzG/SYNPJ1WOnpGAgXr8MKtvhIvWf9nNSnZadlNNz5th0m8u9UWYkQpcZZc
pifoxZz8GQspry5c2guPv+1TFaeCNTBeCDYyJDY2GuRyK8RoSKR4HzM0IP6Xbpys
Ov3m/YNfdYNxXZDfvUhXbRAmr29B2Mx4nj2chSiJQzGrp26hvALmvo/DY6RkaDsb
w9ozyHtaH9YIcrI2NBjTIE+Y6AKT31CyZ8g9lmRVx2klCrohNnDTWaiC0lRtTgZa
4dgHjTW40BahdP5KG3CoqUOagCegQLdv+eOoqB6KkzyWNqeI6TadwePvtn4CN2IJ
14vGcNkyUJqxpx5UIR5JAgMBAAGjggEzMIIBLzAyBggrBgEFBQcBAQQmMCQwIgYI
KwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5jb20wEgYDVR0TAQH/BAgwBgEB
/wIBADA0BgNVHR8ELTArMCmgJ6AlhiNodHRwOi8vY3JsLnZlcmlzaWduLmNvbS9w
Y2EzLWc1LmNybDA0BgNVHSUELTArBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG
+EIEAQYKYIZIAYb4RQEIATAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwx
GjAYBgNVBAMTEVZlcmlTaWduTVBLSS0yLTE3MB0GA1UdDgQWBBQkwMCkSTxSCxLY
kgxR0YenTVR1LDAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkq
hkiG9w0BAQUFAAOCAQEAONp2NRhJMjTwtOgoCEXrj2I+mSFyd5XgNoKz/6t/Emzh
HBDJVJjlDDF0zIB6oCanRcgRTHbk0KmxyJKjgHkmDY3PyEdjLRM8wpY01wBCOkqL
nhep3MlQxUDhKUVhIvWzsIh4ja6hjVBvRIJ0UocVDBxO8hY32sEFadkBVO7NcUn2
bFZ8dXPiip+maddgnwTDo5+BYLPFvaVV0GnbRZhkIPLAi4xO6VdSNqu7U2cwiWMT
KPNE0UN2tIFoKgchP4/0Z9MIoHnezLlTLR9E01ScowdNigg0Td0Xev6ta0uZtgDJ
YnZ+mJqiSRyGvrJVlSwtJyG8GbDxPq220Rre7bbuNQ==
-----END CERTIFICATE-----
|
Certificate - VeriSign Class 3 Public Primary Certification Authority - G5
| Property |
Value |
| Issuer Company |
VeriSign, Inc. |
| Issuer Full Name |
OU = Class 3 Public Primary Certification Authority,O = "VeriSign, Inc.",C = US |
| Subject |
CN = VeriSign Class 3 Public Primary Certification Authority - G5,OU = (c) 2006 VeriSign\, Inc. - For authorized use only,OU = VeriSign Trust Network,O = VeriSign\, Inc.,C = US |
| Valid From |
Nov. 8, 2006, midnight |
| Valid To |
Nov. 7, 2021, 11:59 p.m. |
| Serial Number |
25:0C:E8:E0:30:61:2E:9F:2B:89:F7:05:4D:7C:F8:FD (49248466687453522052688216172288342269) |
| CA Cert |
Yes |
| Key Size |
2048 bits |
| Fingerprint (SHA-1) |
32:F3:08:82:62:2B:87:CF:88:56:C6:3D:B8:73:DF:08:53:B4:DD:27 |
| Fingerprint (MD5) |
F9:1F:FE:E6:A3:6B:99:88:41:D4:67:DD:E5:F8:97:7A |
| PEM |
-----BEGIN CERTIFICATE-----
MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBf
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx
FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz
dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv
ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8
RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb
ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR
TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/
Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH
iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB
AAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0
dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9
BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy
aXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYI
KwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQU
j+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29t
L3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v
b2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMC
BggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUA
A4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5K
lCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZ
tOxFNfeKW/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3/
-----END CERTIFICATE-----
|
